On 12/3/2014 10:05 AM, Philip Le Riche wrote:
> Probably something silly I'm doing but I don't see it for the moment.
>
> I had rules:
> DNAT schl pinet:${Pinet}.1 tcp ssh -
> ${Schlnet}.129
> DNAT schl pinet:${Pinet}.1 tcp 5900 -
> ${Schlnet}.129
> plus another 7 pairs with consecutive destination and original
> destination addresses.
>
> I needed to add an http rule and expand it to 16 IP addresses, so I
> wrote a macro.Pi:
> PARAM - - tcp 5900:5909 - -
> PARAM - - tcp ssh - -
> PARAM - - tcp http - -
>
> and replaced all the former rules by 16 after the fashion:
> Pi(DNAT) schl pinet:${Pinet}.1 - - -
> ${Schlnet}.129
> (I generalised the VNC port while I was at it.)
>
> Connections utilising those rules were then refused. I don't see why.
> I don't either, but if you will send me the original rules file, the modified rules file and your macro file then I will take a look. -Tom PS - My apologies for the slow response; I've been traveling abroad and only had mobile phone internet access. -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
